%global gem_name actionview
%global bootstrap 0

Name: rubygem-%{gem_name}
Version: 4.2.3
Release: 6%{?dist}
Summary: Rendering framework putting the V in MVC (part of Rails)
Group: Development/Languages
License: MIT
URL: http://www.rubyonrails.org
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
# git clone http://github.com/rails/rails.git
# cd rails/actionview/
# git checkout v4.2.3
# tar czvf actionview-4.2.3-tests.tgz test/
Source1: %{gem_name}-%{version}-tests.tgz

# Fix CVE-2016-0752 Possible Information Leak Vulnerability
# https://bugzilla.redhat.com/show_bug.cgi?id=1301964
Patch0: rubygem-actionview-4.2.3-CVE-2016-0752-fix-possible-information-leak-vulnerability.patch
Patch1: rubygem-actionview-4.2.3-CVE-2016-0752-fix-possible-information-leak-vulnerability-tests.patch

# Fix rails-html-sanitizer v1.0.3 compatibility.
# https://github.com/rails/rails/pull/23242
Patch2: rubygem-actionview-4.2.6-Fix-sanitizer-tests.patch

# Fix CVE-2016-2098: Code injection vulnerability.
# https://bugzilla.redhat.com/show_bug.cgi?id=1310054
Patch3: rubygem-actionview-4.2.5.2-secure_inline_with_params.patch
Patch4: rubygem-actionview-4.2.5.2-secure_inline_with_params-tests.patch

# Fix CVE-2016-6316 cross-site scripting flaw in Action View
# https://bugzilla.redhat.com/show_bug.cgi?id=1366480
Patch5: rubygem-actionview-4.2.7.1-CVE-2016-6316-attribute-xss.patch
Patch6: rubygem-actionview-4.2.7.1-CVE-2016-6316-attribute-xss-tests.patch
Patch7: rubygem-actionview-4.2.7.1-CVE-2016-6316-ensure-values.patch
Patch8: rubygem-actionview-4.2.7.1-CVE-2016-6316-ensure-values-tests.patch

BuildRequires: ruby(release)
BuildRequires: rubygems-devel
%if 0%{bootstrap} < 1
BuildRequires: rubygem(activesupport) = %{version}
BuildRequires: rubygem(activerecord) = %{version}
BuildRequires: rubygem(actionpack) = %{version}
BuildRequires: rubygem(railties) = %{version}
BuildRequires: rubygem(sqlite3)
BuildRequires: rubygem(minitest)
BuildRequires: rubygem(mocha) >= 0.9.8
%endif
BuildArch: noarch

%description
Simple, battle-tested conventions and helpers for building web pages.


%package doc
Summary: Documentation for %{name}
Group: Documentation
Requires: %{name} = %{version}-%{release}
BuildArch: noarch

%description doc
Documentation for %{name}.

%prep
gem unpack %{SOURCE0}
%setup -q -D -T -n %{gem_name}-%{version}

gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec

%patch0 -p2
%patch3 -p2
%patch5 -p2
%patch7 -p2

%build
gem build %{gem_name}.gemspec
%gem_install

%install
mkdir -p %{buildroot}%{gem_dir}
cp -pa .%{gem_dir}/* \
        %{buildroot}%{gem_dir}/

%if 0%{bootstrap} < 1
%check
pushd .%{gem_instdir}

tar xzvf %{SOURCE1} -C .

patch -F 0 -p2 < %{PATCH1}
patch -p2 < %{PATCH2}
patch -p2 < %{PATCH4}
patch -p2 < %{PATCH6}
patch -p2 < %{PATCH8}

# load_paths needs the Rails git tree layout and, in the end, only requires Bundler, so drop the require
sed -i "s|require File.expand_path('../../../load_paths', __FILE__)||" ./test/abstract_unit.rb
sed -i '16,18d' ./test/active_record_unit.rb

# Run separately as we need to avoid superclass mismatch errors
ruby -Ilib:test -e "Dir.glob('./test/{actionpack,activerecord,lib}/*_test.rb').each {|t| require t}"
ruby -Ilib:test -e "Dir.glob('./test/template/*_test.rb').each {|t| require t}"

popd
%endif

%files
%dir %{gem_instdir}
%{gem_libdir}
%exclude %{gem_cache}
%{gem_spec}
%doc %{gem_instdir}/MIT-LICENSE

%files doc
%doc %{gem_docdir}
%doc %{gem_instdir}/README.rdoc
%doc %{gem_instdir}/CHANGELOG.md

%changelog
* Tue Aug 16 2016 Jun Aruga <jaruga@redhat.com> - 4.2.3-6
- Fix for CVE-2016-6316 (rhbz#1366480)

* Mon Mar 07 2016 Vít Ondruch <vondruch@redhat.com> - 4.2.3-5
- Apply the security fix properly!

* Mon Mar 07 2016 Vít Ondruch <vondruch@redhat.com> - 4.2.3-4
- Fix rails-html-sanitizer v1.0.3 compatibility.
- Fix code injection vulnerability (CVE-2016-2098).

* Thu Jan 28 2016 Pavel Valena <pvalena@redhat.com> - 4.2.3-3
- Fix CVE-2016-0752 Possible Information Leak Vulnerability - rhbz#1301964

* Wed Jul 01 2015 Josef Stribny <jstribny@redhat.com> - 4.2.3-2
- Enable tests

* Tue Jun 30 2015 Josef Stribny <jstribny@redhat.com> - 4.2.3-1
- Update to actionview 4.2.3

* Tue Jun 23 2015 Josef Stribny <jstribny@redhat.com> - 4.2.2-2
- Run tests

* Mon Jun 22 2015 Josef Stribny <jstribny@redhat.com> - 4.2.2-1
- Update to actionview 4.2.2

* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Fri Mar 20 2015 Josef Stribny <jstribny@redhat.com> - 4.2.1-2
- Run tests

* Fri Mar 20 2015 Josef Stribny <jstribny@redhat.com> - 4.2.1-1
- Update to actionview 4.2.1

* Fri Feb 13 2015 Josef Stribny <jstribny@redhat.com> - 4.2.0-2
- Run tests

* Mon Feb 09 2015 Josef Stribny <jstribny@redhat.com> - 4.2.0-1
- Update to actionview 4.2.0

* Mon Aug 25 2014 Josef Stribny <jstribny@redhat.com> - 4.1.5-1
- Update to actionview 4.1.5

* Fri Jul 04 2014 Josef Stribny <jstribny@redhat.com> - 4.1.4-1
- Update to actionview 4.1.4

* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Thu May 22 2014 Josef Stribny <jstribny@redhat.com> - 4.1.1-1
- Update to ActionView 4.1.1

* Tue Apr 15 2014 Josef Stribny <jstribny@redhat.com> - 4.1.0-2
- Unpack test suite in %%check
- Adjust tests to run with all dependencies

* Thu Apr 10 2014 Josef Stribny <jstribny@redhat.com> - 4.1.0-1
- Initial package